Lucene search

K
nvd[email protected]NVD:CVE-2010-1423
HistoryApr 15, 2010 - 9:30 p.m.

CVE-2010-1423

2010-04-1521:30:00
CWE-78
web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.931 High

EPSS

Percentile

99.1%

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD
Node
oraclejdkRange1.6.0update19
OR
oraclejdkMatch1.6.0update10
OR
oraclejreRange1.6.0update19
OR
oraclejreMatch1.6.0update_10

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.931 High

EPSS

Percentile

99.1%